Endpoint

1/28/2015
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New Patent Eliminates Passwords

Patented technology from TextPower verifies your identity while simplifying website logins; introduces SnapID(TM) that replaces usernames and passwords

SAN JUAN CAPISTRANO, CA., January 28, 2015 – Today on National Data Privacy Day, TextPower announces that the company has been granted an important patent for a “text messaging authentication system” that is the basis for the company’s TextKey™ platform. Websites using the TextKey™ platform will offer their users higher security, easier logins and less hassle and save themselves from the most common cause of customer support calls – lost login IDs and passwords.  TextKey™ will significantly reduce enterprise or e-commerce website operating costs and inoculate them against the most common forms of hacking: social engineering, password theft, key loggers and phishing schemes. 

Unlike commonly available authentication systems TextKey™ users send a simple text message (SMS) from their cell phone to authenticate their identity. Through this one simple text message, multiple factors are authenticated using the patented technology forming a highly secure barrier to hacking.  The TextKey™ system also employs a secure connection, completely outside the browser environment, that eliminates man-in-the-middle attacks making it significantly more secure than any other SMS-based two factor authentication technologies.  Without physical possession of the authorized cell phone and knowing the user's personal PIN, identity thieves cannot login to an account using someone else's credentials. 

“What an appropriate day to receive a patent for our authentication technology and announce our one-step secure login product, SnapID™,” said Scott Goldman, CEO of TextPower. “SnapID™, a new product based on our patented TextKey™ platform, eliminates the need for both user IDs and passwords.  No more remembering, typing, managing or resetting passwords.  No more lists, sticky notes or password managers to handle the dozens of login credentials we all use everyday.  To login, users 'just text it'."

SnapID™ doesn’t just solve the password problem – it eliminates it and will fundamentally change the way people login to websites, use ATMs, buy pay-per-view movies, checkout at cash registers and any other process that requires identification and authentication.  Cell phones have already replaced address books, cameras, calculators, boarding passes, navigation systems, music players and even heart rate monitors.  By using them to send a simple text message they can now replace userIDs, passwords, authentication tokens, USB keys and the ubiquitous – and reviled – login box on every website.

A SnapID™-enabled website will have a “Login with SnapID™” button along with the traditional username and password fields. Visitors who have registered for a free SnapID™ account will simply click that button; a one-time password then appears on their computer screen. The visitor sends a plain text message with the one-time password from their registered cell phone (which doesn’t need to be a smart phone) and they are then logged in securely.  Logging in takes about as long as it takes to send a text message and is explained in this 2-minute video: https://vimeo.com/107771091
For more information on TextKey™, visit http://www.textkey.com. To register for SnapID™ and check out the demo, visit http://www.snapid.co or text “NoMorePasswords” to 81888. 

About TextPower, Inc.
TextPower, Inc. provides alerting and authentication solutions to a variety of industries worldwide using text messaging (SMS). The company's software and text messaging services help companies enhance their revenues, decrease costs and improve customer service. TextPower's patented authentication technology (Patent No. #8943561) replaces tokens or security fobs previously needed as a second factor of authentication to verify the identity of online users for password-protected applications. TextPower's mission-critical infrastructure employs geo-redundancy for the industry's highest reliability, providing delivery to virtually every cell phone in the United States and connections to most recognized wireless operators around the world. Visit http://www.TextPower.com, email [email protected] or call 888.818.1808 for more information.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ScottJGoldman
50%
50%
ScottJGoldman,
User Rank: Apprentice
1/29/2015 | 7:24:14 PM
Re: What's so bad about passwords?
FULL DISCLOSURE: I am the co-founder and CEOMof TextPower, the company mentioned in this article that developed the patented technology. To be clear, our system does use a cell phone to send text messages but there are also other aspects to the patent. The pertinent fact, though, is that the cell phone transmits a critical and unique piece of information about itself when it SENDS, but not when it receives, a text message. Passwords are yes, easily implemented, changeable, recoverable, etc. The problem is that they are also easily compromised, forgotten and guessed. Imagine that you had a personal keypad that could log you into any website. You'd never have to choose, remember, record, reset or type an ID or password ever again. You'd just type a few numbers on the keypad and hit "enter" and the magic behind the keypad would identify you and authenticate you all in one step, That's what SnapID does - your cell phone is that personal keypad and the patented technology is the magic.
HAnatomi
50%
50%
HAnatomi,
User Rank: Apprentice
1/28/2015 | 9:36:28 PM
We cannot live without the likes of passwords.
Some people shout that the password is dead or should be killed dead.  The password could be killed, however, only when there is an alternative to the password.  Something belonging to the password(PIN, passphrase, etc)and something dependent on the password (ID federations, 2/multi-factor, etc) cannot be the alternative to the password.  Neither can be something that has to be used together with the password (biometrics, auto-login, etc).

At the root of the password headache is the cognitive phenomena called "interference of memory", by which we cannot firmly remember more than 5 text passwords on average.  What worries us is not the password, but the textual password.  The textual memory is only a small part of what we remember.  We could think of making use of the larger part of our memory that is less subject to interference of memory.  More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.
MrKlingon01
50%
50%
MrKlingon01,
User Rank: Apprentice
1/28/2015 | 1:40:22 PM
What's so bad about passwords?
Yes, I know - I deal with compromised accounts and passwords every day - but I don't see how someone gets a patent for a system that requires a user has a cellphone. Passwords are easily implemented, easily changed, revoked and can be shared when you need to delegate authorization - this isn't a bad thing. 
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink,  10/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.